Country Blocking Exceptions
On the Network Protection > Firewall > Country Blocking Exceptions tab you can define exceptions for countries that are blocked on the Country Blocking tab. Exceptions can be made for traffic between a blocked country or location and specific hosts or networks, taking into account the direction and the service of the traffic.
To create a country blocking exception, proceed as follows:
-
Click New Exception List.
The Add Exception List dialog box opens.
-
Specify the following settings:
Name: Enter a descriptive name for the exception.
Comment (optional): Add a description or other information.
Skip blocking of these:
- Region: Using this drop-down list, you can narrow down the countries displayed in the Countries box.
-
Countries: Select the checkboxes in front of the locations or countries you want to make the exception for. To select all countries at once, enable the Select all checkbox.
Note – To select all IP addresses, including those that are not associated with any country, for example internal IP addresses, deselect all checkboxes using the Deselect all checkbox.
For all requests: Select the condition under which the country blocking should be skipped. You can choose between outgoing and incoming traffic, referring to the hosts/networks to be selected in the box below.
- Hosts/networks: Add or select the hosts/networks that should be allowed to send traffic to or receive traffic from the selected countries—depending on the entry selected in the drop-down list above. For how to add a network definition, see Definitions & Users > Network Definitions > Network Definitions.
Using these services: Optionally, add the services that should be allowed between the selected hosts/networks and the selected countries/locations. If no service is selected, all services are allowed.
-
Click Save.
The new country blocking exception appears on the Country Blocking Exception list.
To either edit or delete an exception, click the corresponding buttons.
Using Country Blocking Exceptions
Use the country blocking exceptions as follows:
Interface/remote host | Requests | Host/network | Countries |
---|---|---|---|
Local interface | Coming from | Enter a local interface address | Choose countries to skip |
Local interface | Going to | Enter a local interface address | Choose countries to skip |
Remote host (internal network) | Coming from | Enter an internal host/network | Choose countries to skip |
Remote host (external network) | Coming from | Enter an external host | Do not choose countries |
Remote host (internal network) | Going to | Enter an internal host/network | Choose countries to skip |
Remote host (external network) | Going to | Enter an external host | Do not choose countries |